VMSA-2009-0017 : VMware vCenter, ESX patch and vCenter Lab Manager releases address XSS issues

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing a security-related patch.

Description :

a. WebWorks Help - Cross-site scripting vulnerability

WebWorks Help is an output format that allows online Help to be
delivered on multiple platforms and browsers, which makes it easy
to publish information on the Web or on an enterprise intranet.
WebWorks Help is used for creating the online help pages that are
available in VMware WebAccess, Lab Manager and Stage Manager.

WebWorks Help does not sufficiently sanitize incoming requests, which
may result in cross-site scripting vulnerabilities in applications
that are built with WebWorks Help.

Exploitation of these vulnerabilities in VMware products requires
tricking a user into clicking a malicious link or opening a malicious
web page while they are logged in to vCenter, ESX or VMware
Server using WebAccess, or logged in to Stage Manager or Lab
Manager.

Successful exploitation can lead to theft of user credentials. These
vulnerabilities can be exploited remotely only if the attacker has
access to the Service Console network.

Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.

Client-side protection measures included with current browsers are not
always able to prevent these attacks from being executed.

VMware would like to thank Daniel Grzelak and Alex Kouzemtchenko of
stratsec (www.stratsec.net) for finding and reporting this issue.
VMware would also like to thank Ben Allums of WebWorks.com for working
on the remediation of this issue with us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2009-3731 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000073.html

Solution :

Apply the missing patch.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 52012

Bugtraq ID: 37346

CVE ID: CVE-2009-3731